actionview 5.2.4.3 → 5.2.4.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Potentially problematic release.
This version of actionview might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/CHANGELOG.md +7 -0
- data/lib/action_view/gem_version.rb +1 -1
- data/lib/action_view/helpers/translation_helper.rb +12 -1
- metadata +10 -10
    
        checksums.yaml
    CHANGED
    
    | @@ -1,7 +1,7 @@ | |
| 1 1 | 
             
            ---
         | 
| 2 2 | 
             
            SHA256:
         | 
| 3 | 
            -
              metadata.gz:  | 
| 4 | 
            -
              data.tar.gz:  | 
| 3 | 
            +
              metadata.gz: 285d9a982fd985cc0c7b694548154f3e7b52dac3dfa42c9c7dbbd61d07f6ed81
         | 
| 4 | 
            +
              data.tar.gz: e877ec1372d604047b00f5a665397a42952ca07f7ed470a7c64a7c8913630f1e
         | 
| 5 5 | 
             
            SHA512:
         | 
| 6 | 
            -
              metadata.gz:  | 
| 7 | 
            -
              data.tar.gz:  | 
| 6 | 
            +
              metadata.gz: 6293206a2f96b9a349fe3f40f1f42fa81727e38e8333149b60df3bfd56afb39fced4f23c2643eb6fd477bf5b8095e1b31b70cd8f5abbe9d7c577fab225fadfa5
         | 
| 7 | 
            +
              data.tar.gz: b5bffb0c64df5ba0640b1fbc0d4b75ca3e672f3172a4cd9c97280a35681be4419e82ac93b4093c6b2889c05fb26dd02e651e14c75e0aed98006ddadda2ca181d
         | 
    
        data/CHANGELOG.md
    CHANGED
    
    | @@ -1,3 +1,10 @@ | |
| 1 | 
            +
            ## Rails 5.2.4.4 (September 09, 2020) ##
         | 
| 2 | 
            +
             | 
| 3 | 
            +
            *   [CVE-2020-15169] Fix potential XSS vulnerability in the `translate`/`t` helper
         | 
| 4 | 
            +
             | 
| 5 | 
            +
                *Jonathan Hefner*
         | 
| 6 | 
            +
             | 
| 7 | 
            +
             | 
| 1 8 | 
             
            ## Rails 5.2.4.3 (May 18, 2020) ##
         | 
| 2 9 |  | 
| 3 10 | 
             
            *   [CVE-2020-8167] Check that request is same-origin prior to including CSRF token in XHRs
         | 
| @@ -79,14 +79,22 @@ module ActionView | |
| 79 79 |  | 
| 80 80 | 
             
                    if html_safe_translation_key?(key)
         | 
| 81 81 | 
             
                      html_safe_options = options.dup
         | 
| 82 | 
            +
             | 
| 82 83 | 
             
                      options.except(*I18n::RESERVED_KEYS).each do |name, value|
         | 
| 83 84 | 
             
                        unless name == :count && value.is_a?(Numeric)
         | 
| 84 85 | 
             
                          html_safe_options[name] = ERB::Util.html_escape(value.to_s)
         | 
| 85 86 | 
             
                        end
         | 
| 86 87 | 
             
                      end
         | 
| 88 | 
            +
             | 
| 89 | 
            +
                      html_safe_options[:default] = MISSING_TRANSLATION unless html_safe_options[:default].blank?
         | 
| 90 | 
            +
             | 
| 87 91 | 
             
                      translation = I18n.translate(scope_key_by_partial(key), html_safe_options.merge(raise: i18n_raise))
         | 
| 88 92 |  | 
| 89 | 
            -
                      translation. | 
| 93 | 
            +
                      if translation.equal?(MISSING_TRANSLATION)
         | 
| 94 | 
            +
                        options[:default].first
         | 
| 95 | 
            +
                      else
         | 
| 96 | 
            +
                        translation.respond_to?(:html_safe) ? translation.html_safe : translation
         | 
| 97 | 
            +
                      end
         | 
| 90 98 | 
             
                    else
         | 
| 91 99 | 
             
                      I18n.translate(scope_key_by_partial(key), options.merge(raise: i18n_raise))
         | 
| 92 100 | 
             
                    end
         | 
| @@ -121,6 +129,9 @@ module ActionView | |
| 121 129 | 
             
                  alias :l :localize
         | 
| 122 130 |  | 
| 123 131 | 
             
                  private
         | 
| 132 | 
            +
                    MISSING_TRANSLATION = Object.new
         | 
| 133 | 
            +
                    private_constant :MISSING_TRANSLATION
         | 
| 134 | 
            +
             | 
| 124 135 | 
             
                    def scope_key_by_partial(key)
         | 
| 125 136 | 
             
                      if key.to_s.first == "."
         | 
| 126 137 | 
             
                        if @virtual_path
         | 
    
        metadata
    CHANGED
    
    | @@ -1,14 +1,14 @@ | |
| 1 1 | 
             
            --- !ruby/object:Gem::Specification
         | 
| 2 2 | 
             
            name: actionview
         | 
| 3 3 | 
             
            version: !ruby/object:Gem::Version
         | 
| 4 | 
            -
              version: 5.2.4. | 
| 4 | 
            +
              version: 5.2.4.4
         | 
| 5 5 | 
             
            platform: ruby
         | 
| 6 6 | 
             
            authors:
         | 
| 7 7 | 
             
            - David Heinemeier Hansson
         | 
| 8 8 | 
             
            autorequire: 
         | 
| 9 9 | 
             
            bindir: bin
         | 
| 10 10 | 
             
            cert_chain: []
         | 
| 11 | 
            -
            date: 2020- | 
| 11 | 
            +
            date: 2020-09-09 00:00:00.000000000 Z
         | 
| 12 12 | 
             
            dependencies:
         | 
| 13 13 | 
             
            - !ruby/object:Gem::Dependency
         | 
| 14 14 | 
             
              name: activesupport
         | 
| @@ -16,14 +16,14 @@ dependencies: | |
| 16 16 | 
             
                requirements:
         | 
| 17 17 | 
             
                - - '='
         | 
| 18 18 | 
             
                  - !ruby/object:Gem::Version
         | 
| 19 | 
            -
                    version: 5.2.4. | 
| 19 | 
            +
                    version: 5.2.4.4
         | 
| 20 20 | 
             
              type: :runtime
         | 
| 21 21 | 
             
              prerelease: false
         | 
| 22 22 | 
             
              version_requirements: !ruby/object:Gem::Requirement
         | 
| 23 23 | 
             
                requirements:
         | 
| 24 24 | 
             
                - - '='
         | 
| 25 25 | 
             
                  - !ruby/object:Gem::Version
         | 
| 26 | 
            -
                    version: 5.2.4. | 
| 26 | 
            +
                    version: 5.2.4.4
         | 
| 27 27 | 
             
            - !ruby/object:Gem::Dependency
         | 
| 28 28 | 
             
              name: builder
         | 
| 29 29 | 
             
              requirement: !ruby/object:Gem::Requirement
         | 
| @@ -92,28 +92,28 @@ dependencies: | |
| 92 92 | 
             
                requirements:
         | 
| 93 93 | 
             
                - - '='
         | 
| 94 94 | 
             
                  - !ruby/object:Gem::Version
         | 
| 95 | 
            -
                    version: 5.2.4. | 
| 95 | 
            +
                    version: 5.2.4.4
         | 
| 96 96 | 
             
              type: :development
         | 
| 97 97 | 
             
              prerelease: false
         | 
| 98 98 | 
             
              version_requirements: !ruby/object:Gem::Requirement
         | 
| 99 99 | 
             
                requirements:
         | 
| 100 100 | 
             
                - - '='
         | 
| 101 101 | 
             
                  - !ruby/object:Gem::Version
         | 
| 102 | 
            -
                    version: 5.2.4. | 
| 102 | 
            +
                    version: 5.2.4.4
         | 
| 103 103 | 
             
            - !ruby/object:Gem::Dependency
         | 
| 104 104 | 
             
              name: activemodel
         | 
| 105 105 | 
             
              requirement: !ruby/object:Gem::Requirement
         | 
| 106 106 | 
             
                requirements:
         | 
| 107 107 | 
             
                - - '='
         | 
| 108 108 | 
             
                  - !ruby/object:Gem::Version
         | 
| 109 | 
            -
                    version: 5.2.4. | 
| 109 | 
            +
                    version: 5.2.4.4
         | 
| 110 110 | 
             
              type: :development
         | 
| 111 111 | 
             
              prerelease: false
         | 
| 112 112 | 
             
              version_requirements: !ruby/object:Gem::Requirement
         | 
| 113 113 | 
             
                requirements:
         | 
| 114 114 | 
             
                - - '='
         | 
| 115 115 | 
             
                  - !ruby/object:Gem::Version
         | 
| 116 | 
            -
                    version: 5.2.4. | 
| 116 | 
            +
                    version: 5.2.4.4
         | 
| 117 117 | 
             
            description: Simple, battle-tested conventions and helpers for building web pages.
         | 
| 118 118 | 
             
            email: david@loudthinking.com
         | 
| 119 119 | 
             
            executables: []
         | 
| @@ -230,8 +230,8 @@ homepage: http://rubyonrails.org | |
| 230 230 | 
             
            licenses:
         | 
| 231 231 | 
             
            - MIT
         | 
| 232 232 | 
             
            metadata:
         | 
| 233 | 
            -
              source_code_uri: https://github.com/rails/rails/tree/v5.2.4. | 
| 234 | 
            -
              changelog_uri: https://github.com/rails/rails/blob/v5.2.4. | 
| 233 | 
            +
              source_code_uri: https://github.com/rails/rails/tree/v5.2.4.4/actionview
         | 
| 234 | 
            +
              changelog_uri: https://github.com/rails/rails/blob/v5.2.4.4/actionview/CHANGELOG.md
         | 
| 235 235 | 
             
            post_install_message: 
         | 
| 236 236 | 
             
            rdoc_options: []
         | 
| 237 237 | 
             
            require_paths:
         |